dsa peer-public-key

Function

The dsa peer-public-key command configures an encoding format for a Digital Signature Algorithm (DSA) public key and displays the DSA public key view.

The undo dsa peer-public-key command deletes an edited DSA public key.

Format

dsa peer-public-key key-name encoding-type { der | openssh | pem }

undo dsa peer-public-key key-name

Parameters

| Parameter | Description | Value |
|---|---|---|
| key-name | Specifies the public key name. | The value is a string of 1 to 30 case-insensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
| encoding-type | Indicates an encoding format for a DSA public key. | - |
| der | Sets the encoding format of the DSA public key to DER. DER encodes data in hexadecimal format. | - |
| openssh | Sets the encoding format of the DSA public key to OpenSSH. OpenSSH encodes data in base-64 format. OpenSSH is an encoding format based on PEM. | - |
| pem | Sets the encoding format of the DSA public key to PEM. PEM encodes data in base-64 format. | - |

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When you use a DSA public key for authentication, you must specify the public key of the corresponding client for an SSH user on the server. When the client logs in to the server, the server uses the specified public key to authenticate the client.

Third-party software, such as PuTTY, OpenSSH, and OpenSSL, can be used to generate DSA keys in different formats. The details are as follows:

  • PuTTY generates DSA keys in PEM format.
  • OpenSSH generates DSA keys in OpenSSH format.
  • OpenSSL generates DSA keys in DER format.

After you configure an encoding format for a DSA public key, the device automatically generates a DSA public key in the configured encoding format and enters the DSA public key view. You can then run the public-key-code begin command and manually copy the DSA public key generated on the client to the server.
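Because the key is copied by hand, it is worth checking the client's key text before pasting it. The following Python sketch is an added example, not part of the product documentation: it parses an OpenSSH-format `ssh-dss` public key line, confirms that the base-64 blob really holds a DSA key, and computes its SHA-256 fingerprint. The function names and the sample key are constructed for illustration, and the sketch assumes the standard OpenSSH one-line public key layout.

```python
import base64
import hashlib
import struct

def _read_field(blob, off):
    """Read one SSH wire field: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def inspect_ssh_dss(line):
    """Validate an 'ssh-dss <base64> [comment]' line; return p, q, g, y and fingerprint."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob = base64.b64decode(parts[1], validate=True)
    name, off = _read_field(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside the blob does not match the prefix")
    key = {}
    for label in "pqgy":  # field order defined by RFC 4253: p, q, g, y
        field, off = _read_field(blob, off)
        key[label] = int.from_bytes(field, "big")
    if off != len(blob):
        raise ValueError("unexpected trailing bytes")
    digest = hashlib.sha256(blob).digest()
    key["fingerprint"] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key

def _field(data):
    """Encode one length-prefixed field (used only to build the sample)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (toy numbers, not a usable key); p carries the leading
# zero byte that the mpint encoding adds when the top bit is set.
SAMPLE_BLOB = b"".join(_field(x) for x in
                       (b"ssh-dss", b"\x00\xf1", b"\x0b", b"\x02", b"\x05"))
SAMPLE_LINE = "ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode() + " admin@client"

if __name__ == "__main__":
    info = inspect_ssh_dss(SAMPLE_LINE)
    print(info["p"].bit_length(), info["q"].bit_length(), info["fingerprint"])
```

The fingerprint can be compared with the output of `ssh-keygen -l -f` run against the same public key file on the client, which confirms that the text being copied is the key the client actually holds.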

Follow-up Procedure

After you copy the DSA public key generated on the client to the server, perform the following operations to exit the DSA public key view:

  1. Run the public-key-code end command to return to the DSA public key view.
  2. Run the peer-public-key end command to exit the DSA public key view and return to the system view.

Precautions

The public key on the client is randomly generated by the client software.

If a DSA public key has been assigned to an SSH client, release the binding between the public key and the SSH client first. If the binding is not released, the undo dsa peer-public-key command fails to delete the DSA public key.

By default, no encoding format is configured for a DSA public key.

The peer public key supports only PKCS#1. Other PKCS versions are not supported.

Example

# Configure an encoding format for a DSA public key and enter the DSA public key view.

<sysname> system-view
[sysname] dsa peer-public-key 23 encoding-type der
Info: Enter "DSA public key" view, return system view with "peer-public-key end".
[sysname-dsa-public-key]
Copyright © Huawei Technologies Co., Ltd.